baltakatt, posted 23 September 2006:

Hi, I hope someone here can help me. I think I've picked up a virus/trojan/adware, at any rate something nasty on the PC. I have scanned in safe mode with Ad-Aware, Spybot Search & Destroy, Windows Defender, The Cleaner, ewido, TrojanHunter and Kaspersky Antivirus, and cleaned up with CCleaner, Clean Up, Dishwasher and WinASO Registry Optimizer. Some viruses were found and removed, but new pop-ups still keep coming. I hope someone can look at this HijackThis log and help me further:

Logfile of HijackThis v1.99.1
Scan saved at 15:05:36, on 23.09.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Programfiler\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programfiler\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\Programfiler\Alwil Software\Avast4\ashServ.exe
C:\Programfiler\ewido anti-spyware 4.0\guard.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Programfiler\Apoint2K\Apoint.exe
C:\Programfiler\Telenor\ecc\ecc.exe
C:\Programfiler\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programfiler\Windows Defender\MSASCui.exe
C:\Programfiler\The Cleaner\tca.exe
C:\Programfiler\The Cleaner\tcm.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Programfiler\Apoint2K\Apntex.exe
C:\Programfiler\TrojanHunter 4.6\THGuard.exe
C:\Programfiler\ewido anti-spyware 4.0\ewido.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Programfiler\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Programfiler\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programfiler\Alwil Software\Avast4\ashMaiSv.exe
C:\Programfiler\Alwil Software\Avast4\ashWebSv.exe
C:\Documents and Settings\Snoop Makki Mack\Skrivebord\HijackThis.exe
C:\Programfiler\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\Programfiler\Hewlett-Packard\Digital Imaging\bin\hpqfru07.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.no/0SENONO/SAOS01
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://www.online.no/proxy.pac
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programfiler\MSN Apps\MSN Toolbar\01.02.5000.1021\no\msntb.dll
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Apoint] C:\Programfiler\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [ecc] C:\Programfiler\Telenor\ecc\ecc.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Programfiler\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [uhvjsul.dll] C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\uhvjsul.dll,mrpmvyf
O4 - HKLM\..\Run: [KAVPersonal50] "C:\Programfiler\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe" /minimize
O4 - HKLM\..\Run: [Windows Defender] "C:\Programfiler\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [tcactive] C:\Programfiler\The Cleaner\tca.exe
O4 - HKLM\..\Run: [tcmonitor] C:\Programfiler\The Cleaner\tcm.exe
O4 - HKLM\..\Run: [THGuard] "C:\Programfiler\TrojanHunter 4.6\THGuard.exe"
O4 - HKLM\..\Run: [!ewido] "C:\Programfiler\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - Global Startup: hp psc 2000 Series.lnk = C:\Programfiler\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
O4 - Global Startup: hpoddt01.exe.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {D1EA8D3D-F511-4388-B754-4A0CC14A4778} (Aurigma Image Uploader 3.0 Control) - http://www.europhoto.no/activex/ImageUploader3.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Programfiler\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Programfiler\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Programfiler\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Programfiler\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Programfiler\ewido anti-spyware 4.0\guard.exe
O23 - Service: Kaspersky Anti-Virus Service (kavsvc) - Kaspersky Lab - C:\Programfiler\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe

Pozzolan, posted 23 September 2006:

Hi,

Delete the following with HijackThis:

O4 - HKLM\..\Run: [uhvjsul.dll] C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\uhvjsul.dll,mrpmvyf

Then delete this with Killbox:

C:\WINDOWS\system32\uhvjsul.dll

Note: All of this is done in safe mode. Turn off System Restore before you begin. After you have done that, post a new log from normal Windows mode.

baltakatt (topic author), posted 23 September 2006:

Is it Pocket Killbox I should download to delete the file?

baltakatt (topic author), posted 23 September 2006:

OK, here is the new HijackThis log (I haven't had any pop-ups yet either). Does it look good?

Logfile of HijackThis v1.99.1
Scan saved at 19:12:50, on 23.09.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Programfiler\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Programfiler\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\Programfiler\Alwil Software\Avast4\ashServ.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Programfiler\Apoint2K\Apoint.exe
C:\Programfiler\Telenor\ecc\ecc.exe
C:\Programfiler\Java\jre1.5.0_06\bin\jusched.exe
C:\Programfiler\Windows Defender\MSASCui.exe
C:\Programfiler\The Cleaner\tca.exe
C:\Programfiler\The Cleaner\tcm.exe
C:\Programfiler\TrojanHunter 4.6\THGuard.exe
C:\Programfiler\ewido anti-spyware 4.0\ewido.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Programfiler\Apoint2K\Apntex.exe
C:\WINDOWS\System32\svchost.exe
C:\Programfiler\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
C:\Programfiler\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Programfiler\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programfiler\Alwil Software\Avast4\ashMaiSv.exe
C:\Documents and Settings\Snoop Makki Mack\Skrivebord\HijackThis.exe
C:\Programfiler\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\msiexec.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\Programfiler\Hewlett-Packard\Digital Imaging\bin\hpqfru07.exe
C:\Programfiler\Alwil Software\Avast4\setup\setup.ovr

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.no/0SENONO/SAOS01
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://www.online.no/proxy.pac
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programfiler\MSN Apps\MSN Toolbar\01.02.5000.1021\no\msntb.dll
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Apoint] C:\Programfiler\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [ecc] C:\Programfiler\Telenor\ecc\ecc.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Programfiler\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [KAVPersonal50] "C:\Programfiler\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe" /minimize
O4 - HKLM\..\Run: [Windows Defender] "C:\Programfiler\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [tcactive] C:\Programfiler\The Cleaner\tca.exe
O4 - HKLM\..\Run: [tcmonitor] C:\Programfiler\The Cleaner\tcm.exe
O4 - HKLM\..\Run: [THGuard] "C:\Programfiler\TrojanHunter 4.6\THGuard.exe"
O4 - HKLM\..\Run: [!ewido] "C:\Programfiler\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - Global Startup: hp psc 2000 Series.lnk = C:\Programfiler\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
O4 - Global Startup: hpoddt01.exe.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {D1EA8D3D-F511-4388-B754-4A0CC14A4778} (Aurigma Image Uploader 3.0 Control) - http://www.europhoto.no/activex/ImageUploader3.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Programfiler\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Programfiler\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Programfiler\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Programfiler\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Programfiler\ewido anti-spyware 4.0\guard.exe
O23 - Service: Kaspersky Anti-Virus Service (kavsvc) - Kaspersky Lab - C:\Programfiler\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe

baltakatt (topic author), posted 23 September 2006:

Many thanks, Stealthy! Now EVERYTHING got so much better.

baltakatt (topic author), posted 23 September 2006 (edited 23 September 2006 by baltakatt):

.....ugh, I thought everything was working perfectly, but then the pop-ups came back. I ran SmitfraudFix, ewido and CCleaner again in safe mode, and now the HijackThis log looks like this:

Logfile of HijackThis v1.99.1
Scan saved at 23:57:29, on 23.09.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Programfiler\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\Ati2evxx.exe
C:\Programfiler\ewido anti-spyware 4.0\guard.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Programfiler\Apoint2K\Apoint.exe
C:\Programfiler\Telenor\ecc\ecc.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Programfiler\Java\jre1.5.0_06\bin\jusched.exe
C:\Programfiler\Windows Defender\MSASCui.exe
C:\WINDOWS\System32\svchost.exe
C:\Programfiler\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Programfiler\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Programfiler\Apoint2K\Apntex.exe
C:\Programfiler\Telenor\ecc\CCInstaller.exe
C:\Programfiler\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Documents and Settings\Snoop Makki Mack\Mine dokumenter\KNUT\Anti Virus\HijackThis.exe
C:\WINDOWS\system32\wuauclt.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://www.online.no/proxy.pac
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programfiler\MSN Apps\MSN Toolbar\01.02.5000.1021\no\msntb.dll
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Apoint] C:\Programfiler\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [ecc] C:\Programfiler\Telenor\ecc\ecc.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Programfiler\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [KAVPersonal50] "C:\Programfiler\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe" /minimize
O4 - HKLM\..\Run: [Windows Defender] "C:\Programfiler\Windows Defender\MSASCui.exe" -hide
O4 - Global Startup: hp psc 2000 Series.lnk = C:\Programfiler\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
O4 - Global Startup: hpoddt01.exe.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {D1EA8D3D-F511-4388-B754-4A0CC14A4778} (Aurigma Image Uploader 3.0 Control) - http://www.europhoto.no/activex/ImageUploader3.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Programfiler\ewido anti-spyware 4.0\guard.exe
O23 - Service: Kaspersky Anti-Virus Service (kavsvc) - Kaspersky Lab - C:\Programfiler\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe

baltakatt (topic author), posted 23 September 2006:

A few pop-ups now and then don't really matter, but the strangest thing is Windows Task Manager. The user name (Snoop Makki Mack) doesn't show up there, only in some places. I don't know what that means?

baltakatt (topic author), posted 24 September 2006 (edited 24 September 2006 by baltakatt):

I also ran a Panda ActiveScan, and here is the result; it too shows that something is "smouldering" in my PC. I'd gladly take tips on what can be done to get rid of this.

Virus:Trj/DisableKey.A Disinfected Operating system
---------------------------------------
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Snoop Makki Mack\Cookies\snoop makki [email protected][1].txt
----------------------------------------------------
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Snoop Makki Mack\Mine dokumenter\KNUT\Anti Virus\smitfraudfix\SmitfraudFix\Process.exe
------------------------------------------
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Snoop Makki Mack\Mine dokumenter\KNUT\Anti Virus\smitfraudfix\SmitfraudFix.zip[smitfraudFix/Process.exe]
----------------------------------------------------------
Spyware:Spyware/Virtumonde Not disinfected C:\Programfiler\Fellesfiler\{F867FEE0-0678-1044-0625-03021029002f}\services.dll
------------------------------------------------
Virus:Trj/DisableKey.A Disinfected C:\WINDOWS\system32\unaoakg.dll

Pozzolan, posted 24 September 2006:

Try Killbox on

C:\WINDOWS\system32\unaoakg.dll

and

C:\Programfiler\Fellesfiler\{F867FEE0-0678-1044-0625-03021029002f}\services.dll

That looks like the culprit. I wish they would make a new version of HijackThis that detects things like this!

Remember to turn off System Restore!

baltakatt (topic author), posted 24 September 2006:

I have done that now, and for the time being it looks good... again. I have also switched browser from Explorer to Opera. I will run a new Panda ActiveScan and post the result here. Thanks again for the help so far!

baltakatt (topic author), posted 24 September 2006:

Here is the result from the latest Panda ActiveScan:

Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Snoop Makki Mack\Mine dokumenter\KNUT\Anti Virus\smitfraudfix\SmitfraudFix.zip[smitfraudFix/Process.exe]

So the problems are decreasing, but there is still a little left. Should I try deleting the whole SmitFraud folder with Killbox in safe mode, or what?

Pozzolan, posted 24 September 2006:

SmitfraudFix.zip is not dangerous. It is only Process.exe, which in some cases is used for malicious purposes. If that is all it found, then it looks clean.

Note: If you get a message that process.exe is a virus, that is not the case. process.exe is used to stop processes and is not a threat in this context.

baltakatt (topic author), posted 24 September 2006:

OK. I hope everything is gone now. Thanks for the last time... I hope.

baltakatt (topic author), posted 26 September 2006:

Hmmm... everything works fine with the Opera browser, but since I have my mail at webhuset.no I have to go into Explorer, as Opera and webhuset don't work together. Then I get pop-ups from vinantivirus and amaena. I have read around here a bit about those pop-up windows and have tried everything that is recommended. Panda ActiveScan showed nothing, and I attach the latest HijackThis log here. I wonder if anyone can get something sensible out of it? I am strongly considering formatting and starting completely from scratch again.

Logfile of HijackThis v1.99.1
Scan saved at 23:25:28, on 26.09.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Programfiler\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\Programfiler\ewido anti-spyware 4.0\guard.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Programfiler\Apoint2K\Apoint.exe
C:\Programfiler\Telenor\ecc\ecc.exe
C:\Programfiler\Java\jre1.5.0_06\bin\jusched.exe
C:\Programfiler\Windows Defender\MSASCui.exe
C:\WINDOWS\System32\svchost.exe
C:\Programfiler\TrojanHunter 4.6\THGuard.exe
C:\Programfiler\Apoint2K\Apntex.exe
C:\Programfiler\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
C:\Programfiler\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Programfiler\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\System32\msiexec.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\Programfiler\Windows NT\Tilbehør\WORDPAD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Snoop Makki Mack\Mine dokumenter\KNUT\Anti Virus\hijackthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://www.online.no/proxy.pac
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\AddOn\AcrobatReader\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {6B77B0E6-9797-4512-B3E4-85D0DAEF8828} - C:\WINDOWS\system32\tuvtu.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - (no file)
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programfiler\MSN Apps\MSN Toolbar\01.02.5000.1021\no\msntb.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programfiler\MSN Apps\MSN Toolbar\01.02.5000.1021\no\msntb.dll
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Apoint] C:\Programfiler\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [ecc] C:\Programfiler\Telenor\ecc\ecc.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Programfiler\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [KAVPersonal50] "C:\Programfiler\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe" /minimize
O4 - HKLM\..\Run: [Windows Defender] "C:\Programfiler\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [THGuard] "C:\Programfiler\TrojanHunter 4.6\THGuard.exe"
O4 - Global Startup: hp psc 2000 Series.lnk = C:\Programfiler\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
O4 - Global Startup: hpoddt01.exe.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {D1EA8D3D-F511-4388-B754-4A0CC14A4778} (Aurigma Image Uploader 3.0 Control) - http://www.europhoto.no/activex/ImageUploader3.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: tuvtu - C:\WINDOWS\system32\tuvtu.dll (file missing)
O20 - Winlogon Notify: winzqb32 - winzqb32.dll (file missing)
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Programfiler\ewido anti-spyware 4.0\guard.exe
O23 - Service: Kaspersky Anti-Virus Service (kavsvc) - Kaspersky Lab - C:\Programfiler\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
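
The following is an added example, not code from any poster in this thread or from HijackThis itself: it parses HijackThis 1.99.1-style entry lines, flags the two patterns that come up in the logs above (a Run value that loads a DLL through rundll32.exe, and O2/O20 entries whose file is gone), and lists the entries that are new between two logs. The function names and the choice of which sections to flag are assumptions made for this example; the sample lines are excerpts from the first and last logs posted above.

```python
import re

# Entry lines in a HijackThis log start with a section code, e.g. "O4 - ...".
ENTRY_RE = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - (.*)$")
# A command line that hands a DLL to rundll32.exe (paths optionally quoted).
RUNDLL_RE = re.compile(r'rundll32(?:\.exe)?"?\s+"?([^",]+\.dll)', re.IGNORECASE)
# Assumption for this example: O2 (BHO) and O20 (Winlogon Notify) are reviewed
# because both register DLLs that get loaded into another process.
LOADER_SECTIONS = {"O2", "O20"}
MISSING_MARKS = ("(file missing)", "(no file)")


def parse_entries(log_text):
    """Return (section, detail) for each entry line; header and process lines are skipped."""
    entries = []
    for raw in log_text.splitlines():
        match = ENTRY_RE.match(raw.strip())
        if match:
            entries.append((match.group(1), match.group(2).strip()))
    return entries


def review_flags(entries):
    """Return (section, reason, evidence) for entries worth a manual look, not a verdict."""
    flags = []
    for section, detail in entries:
        if section == "O4":
            match = RUNDLL_RE.search(detail)
            if match:
                flags.append((section, "startup value loads a DLL via rundll32", match.group(1)))
        if section in LOADER_SECTIONS and detail.endswith(MISSING_MARKS):
            flags.append((section, "registered loader entry, file not on disk", detail))
    return flags


def new_entries(before, after):
    """Entries present in the later log but not in the earlier one, in log order."""
    seen = set(before)
    return [entry for entry in after if entry not in seen]


# Excerpt from the first log in the thread (23.09.2006, 15:05:36).
LOG_FIRST = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\system32\rundll32.exe
O4 - HKLM\..\Run: [ecc] C:\Programfiler\Telenor\ecc\ecc.exe
O4 - HKLM\..\Run: [uhvjsul.dll] C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\uhvjsul.dll,mrpmvyf
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
"""

# Excerpt from the last log in the thread (26.09.2006, 23:25:28).
LOG_LAST = r"""Logfile of HijackThis v1.99.1
O2 - BHO: (no name) - {6B77B0E6-9797-4512-B3E4-85D0DAEF8828} - C:\WINDOWS\system32\tuvtu.dll (file missing)
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - (no file)
O4 - HKLM\..\Run: [ecc] C:\Programfiler\Telenor\ecc\ecc.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O20 - Winlogon Notify: tuvtu - C:\WINDOWS\system32\tuvtu.dll (file missing)
O20 - Winlogon Notify: winzqb32 - winzqb32.dll (file missing)
"""

if __name__ == "__main__":
    first, last = parse_entries(LOG_FIRST), parse_entries(LOG_LAST)
    for label, entries in (("first log", first), ("last log", last)):
        for section, reason, evidence in review_flags(entries):
            print(f"{label}: {section}: {reason}: {evidence}")
    for section, detail in new_entries(first, last):
        print(f"new since first log: {section} - {detail}")
```

A "(file missing)" mark only says the referenced file was not on disk when the log was taken; the registry entry that points to it is still present.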